Weblog de Madelman

Via NetSec

Port Reporter es un servicio para Windows que permite monitorizar la actividad de los puertos. Muy útil para descubrir programas que no deberian estar en nuestro ordenador.

Port Reporter is a M$ Windows service that logs all port activity including PID to port mappings and a dump of all DLL’s bound to a port. While this may eat up a bit of disk and CPU, this data could help track down backdoors, trojans, rootkits, etc. Here’s a snippet from telnet-ing to a netcat listener on port 3333:

date,time,protocol,local port,local IP address,remote port,remote IP address,PID,module,user context
04/11/21,13:36:3,TCP,1372,127.0.0.1,3333,127.0.0.1,2648,telnet.exe, 04/11/21,13:36:3,TCP,3333,127.0.0.1,1372,127.0.0.1,4020,nc.exe,